IN THE CLAIMS 



1-8. (Canceled) 

9. (Currently Amended) A computer-implemented method for establishing an affiliation 
within a single sign-on system, comprising the steps of: 

establishing one or more affiliations of computer-implemented service providers, 
each affiliation collectively programmed to act as a single entity on a network for 
purposes of any of authentication, federation, and authorization; 

establishing a computer-implemented owner of each said affiliation that is 
programmed to maintain a list that shows which service providers are members of said 
affiliation, as well as any control structure or meta-data associated with said affiliation; 
and 

providing a unique identifier for each said affiliation within said single sign-on 
system in which said affiliation is defined. 

A method for establishing an affiliation within a single sign-on system, comprising the 
steps of: 

defining a group of service providers that act as a single entity on a network for 
purposes of any of authentication, federation, and authorization; 

providing a plurality of principals that can acquire a federated identity and be 
authenticated and vouched for by an identity provider; and 

providing an identity provider for authenticating and vouching for principals. 

10. (Currently Amended) The method of Claim 9, further comprising the steps of: 

each one of multiple principals acquiring a federated identity; 

providing an identity provider programmed to authenticate and vouch for said 
principals. 

a principal logging into said identity provider; 

said principal visiting a first service provider and federating to said group; and 
said principal then visiting any other service provider within said group. 

11. (Currently Amended) The method of Claim 10, further comprising the steps of: 

a principal logging into said identity provider; 

said principal visiting a first service provider and federating to said affiliation; and 

said principal then visiting any other service provider within said affiliation without 
having to separately federate to said other service providers. 

defining an owner of said affiliation that is responsible for maintaining a list that 
shows which service providers are members of said affiliation, as well as any control 
structure or meta data associated with said affiliation. 

12. (Canceled) 

13. (Original) The method of Claim 9, further comprising the step of: 

providing a discovery service for enabling a web service consumer to discover 
service information regarding a user's personal web services. 

14. (Original) The method of claim 13, further comprising the step of: 

providing a web service consumer associated with a service provider for 
requesting a service descriptor and assertion for service from said discovery service 
and for presenting an assertion from said other service provider with affiliate 
information. 

15. (Original) The method of Claim 14, further comprising the step of: 

said discovery service checking said other service provider affiliation and 
generating a service assertion based upon said other service provider affiliation. 

16. (Original) The method of Claim 15, further comprising the step of: 

said web service consumer invoking a service with said service assertion via a 
web service provider. 

17. (Currently Amended) The method of Claim 9, wherein said affiliation group has an 
identifier that is unique within a single sign-on system in which said affiliation group is 
defined. 

18. (Currently Amended) The method of Claim 9, wherein service providers within a 
single sign-on system may be members of multiple affiliations, but are programmed to 
act only groups, but can only act with a single affiliation for any given transaction. 

19. (Currently Amended) The method of Claim 9, wherein a user federating with an 
affiliation a group automatically federates with all members of said affiliation, group. 

20. (Currently Amended) The method of Claim 9, wherein a user authorizing access to 
a service by said federation authorizes access to any member of said affiliation, group. 

21. (Currently Amended) The method of Claim 9, further comprising the step of: 

providing a unique identifier for every any service provider/group affiliation, and 
responsive to wherein if a service provider having a service provider identity requesting 
requests an identity of a user through different group affiliations, said service provider 
receiving receives different, unique identifiers for each group affiliation. 

22. (Currently Amended) The method of Claim 9, further comprising the step of: 

providing a common same identifier to all members of said affiliation group when 
they are acting as a part of said group affiliation. 

23. (Currently Amended) The method of Claim 9, further comprising the step of: 

providing an affiliation name identifier for allowing sites to handle an automatic 
federation that take place with all members of said affiliation, group. 

24. (New) The method of claim 9, wherein said network comprises: 

a web services-based service infrastructure in which users manage sharing of 
their personal information across identity providers and service providers. 

25. (New) The method of claim 24, wherein said web services implement a lightweight 
protocol for exchange of information in a decentralized, distributed environment, and 
said protocol comprises an envelope that defines a framework for describing what is in 
a message and how to process it, a set of encoding rules for expressing instances of 
application-defined data types, and a convention for representing remote procedure 
calls and responses. 

26. (New) A computer-implemented affiliation system, comprising: 

a computer-implemented affiliation of computer-implemented service providers 
collectively programmed to act as a single entity on a network for purposes of any of 
authentication, federation, and authorization; 

said affiliation including a computer-implemented owner of said affiliation that is 
programmed to maintain a list that shows which service providers are members of said 
affiliation, as well as any control structure or meta-data associated with said affiliation; 
and 

wherein said owner is programmed to provide a unique identifier for said 
affiliation within said single sign-on system in which said affiliation is defined. 